BreachExchange mailing list archives
Re: time to name names (was Re: MORE BNY (Mellon Corp)Tape s lost)
From: "DAIL, WILLARD A" <ADAIL () sunocoinc com>
Date: Fri, 6 Jun 2008 19:17:15 -0500
As a legitimate company, the street value of an identity is meaningless, unless one plans to sell identities. Executives and Risk Managers need to focus on the regulatory and punitive damage costs of a breach. Who cares if a full identity goes for $20 if you'll end up paying $125 for losing it? The only use I have ever found for the data is to illustrate a thief's financial incentive to attack a given system, while attempting to justify hardening it. -----Original Message----- From: "Paul Ferguson" <fergdawg () netzero net> To: "lawyer () carpereslegalis com" <lawyer () carpereslegalis com> Cc: "dataloss () attrition org" <dataloss () attrition org> Sent: 6/6/08 7:02 PM Subject: Re: [Dataloss] time to name names (was Re: MORE BNY (Mellon Corp)Tape s lost) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Marjorie Simmons" <lawyer () carpereslegalis com> wrote:
| Even if you go with a conservative estimate that one | 'identity' is worth less than 20 bucks (recently stated | in a paper) . . . First, the worth of an identity is not the market value
of the identity, because the market is illegitimate.
I would suggest that is actually not the case -- while the market for identity credentials (includes login IDs, credit card numbers, CVV & Track 2 data, SSNs, etc.) may indeed be illegitimate, it is thriving. So as far as I'm concerned, the statement above on market value is completely meaningless. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFISc7Vq1pz9mNUZTMRAr2TAKDedtywJzO7QUv9xukUQuI1LB1ObgCeMcBD EQrBJV23UlfpCo7UsMy6Csg= =Z/MH -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Re: time to name names (was Re: MORE BNY (Mellon Corp)Tape s lost) DAIL, WILLARD A (Jun 06)